Countless incidents and problems related to security such as exploitation of information being decrypted and illegal impersonation of a particular individual have become social issues. Accordingly, both individuals and companies need to take measures against information leakage, and encryption of information and secrets have become a must.
The main stream of information encryption is to provide resistance to decryption, by adopting methods such as a Data Encryption Standard (DES), an Advanced Encryption Standard (AES), a Rivest Shamir Adleman (RSA) public-key cryptosystem, and Mitsubishi Improved Security Technology (MISTY) (common key cryptosystem), and increasing computational complexity of decryption. To increase the computational complexity of decryption, methods have been considered, such as a method of increasing the encryption key size and a method of increasing the number of times of arithmetic operations.
In recent years, as a method of specifying an encryption method from hardware, the decryption has been performed to specify the type, the number of times, and the contents of the arithmetic operation, from the power distribution and the amount of power fluctuations on a chip of the processor that performs encryption, as depicted in FIG. 8. More specifically, one such method is Differential Power Analysis (DPA) that specifies a secret key used for encryption, by analyzing power consumption during encryption performed by a microcomputer. The power consumption analyzed by the DPA can generally be measured, by providing resistance between Vcc and GND on a processor chip, and observing the voltage at the both ends.
Technologies are disclosed that prevent decryption such as the DPA, by controlling power consumed by hardware in a system and by averaging power consumed by the whole system, using the number of times the serial data has changed. Such technologies are disclosed in, for example, Japanese Laid-open Patent Publication No. 2004-56363 and Japanese Patent No. 3933647. Similarly, technologies are disclosed that prevent decryption, by reducing the correlation between power consumption and encrypted data by adding random data to the data that transmits on a bus and transferring the data, and by making a processor randomly execute instructions. Such technologies are disclosed in, for example, Japanese Laid-open Patent Publication No. 2005-223477 and United States Patent Application Publication No. 2005/0273631.
All the conventional technologies described above try to increase the strength of encryption by increasing the computational complexity. However, if the movement of hardware itself is decrypted, the encryption algorithm is known. This poses a problem of reducing the encryption strength.
More specifically, even if the power consumed in the entire system is averaged by controlling the power consumed by the hardware in the system, as in these days, if a target of attack is a processor main body, or an individual hardware module in the computer, this is not effective. Even if the power consumed in the entire system is averaged, by producing serial data corresponding to the number of times that the serial data does not change and by entering the data in a dummy circuit identical to an encryption processing circuit, other encryption using data other than the serial data also exists. Accordingly, the applicable range is limited and it is not effective as a countermeasure to analyze power consumed in encrypting general parallel data.
Even if the power consumption analysis is made difficult, by reducing the correlation between power consumption and encrypted data, by adding random data to the data transmitted on a bus and transferring the data, if the power consumption is analyzed from an internal component of a microprocessor and the like, it is not effective. Even if a processor randomly executes instructions, by setting a particular control flag, before and after the encryption program, the instructions are not randomly executed during encryption. Accordingly, it is not effective when power consumption is analyzed.